Tech Firms Form Coalition for Cybersecurity Policy

A group of cybersecurity and enterprise technology firms have formed a new organization focused on helping policymakers create “consensus-driven” policy solutions.

The new Coalition for Cybersecurity Policy and Law was founded by seven tech industry companies, namely Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec.

With the legislative and regulatory policies related to cybersecurity becoming more complex, the Coalition’s goal is to focus on educating policymakers and collaborating on complicated policies.

The Coalition said it will also work toward bringing together companies to create policy solutions that promote a "vibrant and robust cybersecurity marketplace," support the development and adoption of cybersecurity innovations, and encourage organizations of all sizes to take steps to improve their cybersecurity.

Additionally, the organization said would promote the interests of the cybersecurity industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues.

Some of the main areas of interest for the Coalition include promoting responsible vulnerability research and disclosure, along with effective privacy processes within cybersecurity policy, as well as establishing government requirements for agency systems. It will also focus on increasing information sharing and threat intelligence and on promoting sound cybersecurity practices in government at all levels.

The Coalition has already taken the first step into establishing its presence on the cybersecurity scene by submitting comments to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information on the Framework for Improving Critical Infrastructure Cybersecurity.

The organization believes that the Framework is a flexible, adaptive construct for the protection of critical infrastructure in the United States, that it is purely voluntary, and that it critical infrastructure industries have already substantially accepted and adopted it. The Coalition also urges NIST to look into the specific issues that would raise from spinning-off the governing responsibility to a third-party non-profit and suggests that NIST would hold feedback meetings at an international location.

The organization encourages NIST to continue working on more complete standards for the authentication of individuals and automated devices and proposes a starting point for consideration of supply chain vulnerabilities in the Framework. The Coalition also expressed a series of concerns over the difficulty in distinguishing between different Implementation Tiers in the Framework.

The Coalition has appointed Ari Schwartz, Managing Director of Cybersecurity Services for Venable LLP, as its Coordinator. He is a former member of the White House National Security Council, where he served as Special Assistant to the President and Senior Director for Cybersecurity and led the rollout of the Cybersecurity Framework. Prior to the White House, he led the Department of Commerce’s Internet Policy Task Force.

“The members of this Coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy. The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats,” Schwartz said.

Following numerous terrorist attacks last year, government agencies requested tech companies would introduce backdoors into their encryption tools and services, to help investigators access the communication of criminals. Many researchers and organizations, including ENISA, already suggested that the inclusion of backdoors into services would weaken security, but the dispute is far from being settled.